{"id":42217,"date":"2021-06-25T00:00:00","date_gmt":"2021-06-25T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/f\/how-to-achieve-more-security-observability.html"},"modified":"2021-06-25T00:00:00","modified_gmt":"2021-06-25T00:00:00","slug":"cloud-native-security-more-security-observability-cloud-advocate","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cloud-native-security-more-security-observability-cloud-advocate\/","title":{"rendered":"Cloud-Native Security: More Security Observability Cloud Advocate"},"content":{"rendered":"

<\/p>\n

<\/div>\n

Systems continue to become even more distributed and complex, full observability, including security observability, into these applications is rising in importance for CloudOps and security practitioners. For developers, autonomous security observality throughout production drives quicker and cleaner innovation, all while appeasing security teams. Adopting a security observability strategy can provide visibility into cloud-native infrastructures, such as microservices, serverless and containers.<\/p>\n

Observability vs. visibility<\/span><\/b><\/p>\n

You\u2019ve probably heard a lot about why visibility through build to deployment is important, and observability may just seem like a fancier word that means the same thing, but, in security, they have different meanings:<\/p>\n

Visibility: Monitoring systems, networks, applications, and solutions to aggregrate data. Previously, organizations tried to achieve visibility by purchasing point products for every endpoint, but this led to lots of manual work putting the pieces together. APIs have enabled platform solutions that provide a single telemetry of truth for the entire infrastructure.<\/p>\n

Observability: This expands on monitoring and enables correlating and inspection of the data to provide defense in depth. There are three types of data needed to make a system observable: raw data (logs), metrics, distributed traces. You also need data analysis\/visualization tools to mine the data and identify patterns, improve AI and machine learning, and ultimately improve remediation.<\/p>\n

Think of visibility like Google Maps and observability is like Google Street View. Google Maps allows you to see the entire world and you can narrow in on certain locations for a more detailed view, but Google Street View allows you to walk around and see what\u2019s really going on. Similarily, visibility gives you the entire picture of your infrastructure, and observability helps you see what\u2019s happening inside your infrastructure.<\/p>\n

Benefits of observability for DevOps teams<\/span><\/b><\/p>\n

Visibility and observability are intertwined\u2014you cannot maximize security without incorporating both in your strategy. As a developer, you may shrug and think this isn\u2019t your concern, but incorporating observability into your pipeline benefits you as well:<\/p>\n